In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over the given limit. Use scnprintf() instead of snprintf(), which returns the actually output letters, for addressing the potential out-of-bounds access properly.
History

Fri, 08 Nov 2024 16:15:00 +0000


Thu, 31 Oct 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Redhat
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Redhat
Redhat enterprise Linux
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 30 Oct 2024 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Tue, 29 Oct 2024 01:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over the given limit. Use scnprintf() instead of snprintf(), which returns the actually output letters, for addressing the potential out-of-bounds access properly.
Title parport: Proper fix for array out-of-bounds access
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-29T00:50:16.263Z

Updated: 2024-12-19T09:32:30.211Z

Reserved: 2024-10-21T19:36:19.940Z

Link: CVE-2024-50074

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-10-29T01:15:04.540

Modified: 2024-11-08T16:15:45.653

Link: CVE-2024-50074

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-29T00:00:00Z

Links: CVE-2024-50074 - Bugzilla